
Update endpoint clients from 9.5 to 9.7 - No longer showing connection - RESOLVED

Hello,

Over the weekend I updated our Sophos Enterprise Console from 4.5 to 4.7.

The update went perfectly.

This morning, I prepared a second subscription, and update policy to test out the updating of the endpoint clients.

I moved a few PC's into a new group and assigned them the new update policy.

The PC's updated their clients from 9.5 to 9.7 without a problem.

However, now all of the client PC's are showing no connection back to the server on the Sophos Enterprise Console (there is the red 'x' over the PC icon).

I have to push the endpoint client software update down to the machines again manually, then they start showing that they are connected.

I have the client software 9.7 downloading into the same share location as version 9.5

Sophos has created a new directory called "S002" - Not sure if this is correct or not but I thought I should mention it

Has anyone else experienced this issue?

According to the endpoints themselves, they have a connection with the Sophos server.

Any help would greatly be appreciated.

Thank you,

Cheers

----------------------------------------------------------

Sorry for the late bit of information.

I just noticed, for the endpoint clients that update automatically, they are getting version 9.5.5 VDL4.67G - This is what the Enterprise Console is reporting. But the clients themselves show that they have version 9.7

So there must be a communication error between Sophos Server and the endpoint software.

I have no idea where this is coming from... That's definitely not what the subscription/Updating policy is set to install.

I will have to dig more!

===========================================

Okay so I managed to figure it out.

For whatever reason, if I left the clients to auto update, their mrinit files were getting populated with the incorrect information.

I shut down my test Sophos server and tested with a new computer.

The autoupdate went through and the mrinit file was populated with the correct information.

I still don't know why or how they were picking up the test server - I have absolutely no clients managed by that server.

Shutting it down though appears to have fixed my issue.

Sorry to have wasted everyone's time :(

:14963


This thread was automatically locked due to age.
  • Hey,

    Sorry for responding again to my own post.

    I think I have narrowed down what has happened.

    I have a test Sophos server that I have that I ONLY use to test certain things - such as a software update.

    Somehow, the DNS/WINS name for the Sophos test server found its way into the mrinit file on my test machines.

    I don't know how this happened? The servers are completely separate from one another.

    If I let the clients auto update, for some reason they use the test server - I checked the mrinit file and confirmed the incorrect Sophos server name.

    If I then push the client down from the production Sophos server and check the mrinit file again, it shows the correct Sophos server.

    I still can't understand how it managed to use the test server? I have NO clients showing on the test server.

    I have shut the test server down though and will test a few more clients to see how they react.

    Will report back.

    Thank you

    :14965
  • Hello toddh,

    Somehow, the DNS/WINS name for the Sophos test server found its way into the mrinit file on my test machines

    This somehow has to be a download from a CID. Now it is strange that shutting down the test SEC (I assume it's a full console, not a SUM - and I also assume that it does not use the same certificates as your production server, right?) should make a difference. The other strange thing is that the result of Protect Computers differs from the automatic update.

    If the problem re-appears when you turn on the test server it should be investigated. The ALUpdate logs should tell you where the clients are pulling the updates from - and also if mrinit.conf is downloaded during the update. Right now I can't see a way to achieve the behaviour you described. So please report back :)

    Christian

    :14977
  • Hello QC,

    Thank you for your reply.

    When I saw the name change in the mrinit file I immediately went to check the CID location to see if the mrinit coming from the CID on the production server had the incorrect information as well. The CID on the production server had the correct information in the mrinit file.

    The test Sophos Server was set up as though it was going to go into production so it is a full install.

    Sorry for my lack of knowledge but I am not entirely sure what you mean by "..does not use the same certificates as your production server.."

    I have done my best to try and keep the two servers completely separate from one another.

    IPs and DNS/Computers are all different for the two servers.

    I will bring the test server back online though and test a few more clients to see what they do.

    I would like to try and get to the bottom of why these clients pull from the wrong server when they are allowed to auto update.

    Especially when the clients are not managed by the test Sophos Server to begin with.

    The ALUpdate logs, should I be checking these on the clients themselves? Or on the Server?

    Thanks again for your response.

    Cheers

    :14981
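The comparison described in this post (the mrinit file in the CID against the copy on a client), as an added example that is not part of the original thread. The key names `MRParentAddress` and `ParentRouterAddress` and the `"key"="value"` line layout are assumptions about mrinit.conf, which the thread does not show; all host names and IP addresses are constructed placeholders.

```python
import re

# Key names and line layout are assumptions; the thread does not show the file.
PARENT_KEYS = ("MRParentAddress", "ParentRouterAddress")
LINE_RE = re.compile(r'^\s*"(?P<key>[^"]+)"\s*=\s*"(?P<value>[^"]*)"\s*$')

def parent_addresses(text):
    """Return {key: [addresses]} for the parent-address keys found in text."""
    found = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("key") in PARENT_KEYS:
            addrs = [a.strip().lower() for a in m.group("value").split(",")]
            found[m.group("key")] = [a for a in addrs if a]
    return found

def audit(copies, expected):
    """Map each copy's label to the parent addresses not listed in expected."""
    allowed = {e.lower() for e in expected}
    report = {}
    for label, text in copies.items():
        parents = parent_addresses(text)
        if not parents:
            # A copy without any parent key is itself worth flagging.
            report[label] = ["<no parent address>"]
            continue
        seen = sorted({a for addrs in parents.values() for a in addrs})
        report[label] = [a for a in seen if a not in allowed]
    return report

# Constructed sample data: names of the production and test servers are placeholders.
EXPECTED = ["10.0.0.10", "sec-prod.example.test", "SEC-PROD"]
CID_COPY = '''[Config]
"MRParentAddress"="10.0.0.10,sec-prod.example.test,SEC-PROD"
"ParentRouterAddress"="10.0.0.10,sec-prod.example.test,SEC-PROD"
'''
CLIENT_COPY = '''[Config]
"MRParentAddress"="10.0.0.99,sec-test.example.test,SEC-TEST"
"ParentRouterAddress"="10.0.0.99,sec-test.example.test,SEC-TEST"
'''

if __name__ == "__main__":
    result = audit({"CID": CID_COPY, "client": CLIENT_COPY}, EXPECTED)
    for label, bad in result.items():
        print(label, "OK" if not bad else "unexpected parent: " + ", ".join(bad))
```

Run against the copy in every CID a client could reach as well as the client's own copy, so a mismatch shows which update source handed out the wrong server name.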
  • Hello,

    re: certificates - the client's RMS checks whether it is connecting to the "correct" server (i.e. the same it was connecting to previously) otherwise it refuses to connect. When the client initially registers with the server it stores the server's certificate and checks this certificate whenever it reconnects. By exporting certain registry keys and importing them on a new server before installing SEC you can make the new server issue an identical certificate. In this case you can "move" the clients freely from one server to the other without reinstalling RMS (or using the reset script).

    ALUpdate logs from the client (there's - usually - no log on the server which client is downloading what unless it's over http)

    Christian

    :14983
  • Hey,

    Sorry for my late response.

    I was busy with the update of SEC 4.5 to SEC 4.7 and Client updates from 9.5 to 9.7.

    After reading your suggestion QC, I went ahead and switched everything back on on our test Sophos Server. I did my best to create the same environment as before (when I was having the problem).

    Unfortunately, I was unsuccessful in reproducing the issue.

    With the test Sophos Server up and running as it was before, I pushed the update from the production server down to about 4 clients. All the clients updated successfully with no issues.

    I am kind of disappointed now that I didn't dig deeper while having this problem. I would have liked to try and understand what happened.

    Thanks QC for the help, I'm sorry though I wasn't able to get more info.

    Cheers

    :15085